MM-58771 - Make manage_server permission, non updatable (#27481)

* make manage_server, non updatable

* remove blank line
Scott Bishel 2024-07-03 12:41:20 -06:00 committed by GitHub
parent 35dda81e32
commit 0dbef88cfc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 10 deletions


@ -18,6 +18,7 @@ var notAllowedPermissions = []string{
model.PermissionSysconsoleWriteUserManagementSystemRoles.Id,
model.PermissionSysconsoleReadUserManagementSystemRoles.Id,
model.PermissionManageRoles.Id,
model.PermissionManageSystem.Id,
}
func (api *API) InitRole() {
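Review bot: The `model.PermissionManageSystem.Id` entry is added to `notAllowedPermissions` without any comment on what the slice guards. Because it is a denylist, every future system-wide permission has to be remembered and added by hand. Put a doc comment on the declaration, for example `// notAllowedPermissions lists permission ids that the role-patch API must refuse to grant; add every new system-level permission here.` The slice declaration and the code that consults it are outside this hunk, so whether the check also fires for a role that already holds the permission cannot be confirmed from here.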


@ -46,7 +46,7 @@ func TestGetRole(t *testing.T) {
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "create_public_channel"},
Permissions: []string{"create_direct_channel", "create_public_channel"},
SchemeManaged: true,
}
@ -85,7 +85,7 @@ func TestGetRoleByName(t *testing.T) {
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "create_public_channel"},
Permissions: []string{"create_direct_channel", "create_public_channel"},
SchemeManaged: true,
}
@ -124,21 +124,21 @@ func TestGetRolesByNames(t *testing.T) {
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "create_public_channel"},
Permissions: []string{"create_direct_channel", "create_public_channel"},
SchemeManaged: true,
}
role2 := &model.Role{
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "delete_private_channel"},
Permissions: []string{"create_direct_channel", "delete_private_channel"},
SchemeManaged: true,
}
role3 := &model.Role{
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "manage_public_channel_properties"},
Permissions: []string{"create_direct_channel", "manage_public_channel_properties"},
SchemeManaged: true,
}
@ -207,7 +207,7 @@ func TestPatchRole(t *testing.T) {
Name: model.NewId(),
DisplayName: model.NewId(),
Description: model.NewId(),
Permissions: []string{"manage_system", "create_public_channel", "manage_slash_commands"},
Permissions: []string{"create_direct_channel", "create_public_channel", "manage_slash_commands"},
SchemeManaged: true,
}
@ -216,7 +216,7 @@ func TestPatchRole(t *testing.T) {
defer th.App.Srv().Store().Job().Delete(role.Id)
patch := &model.RolePatch{
Permissions: &[]string{"manage_system", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
Permissions: &[]string{"create_direct_channel", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
}
th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
@ -257,6 +257,14 @@ func TestPatchRole(t *testing.T) {
_, resp, err = client.PatchRole(context.Background(), systemManager.Id, patchManageRoles)
require.Error(t, err)
CheckNotImplementedStatus(t, resp)
patchManageSystem := &model.RolePatch{
Permissions: &[]string{model.PermissionManageSystem.Id},
}
_, resp, err = client.PatchRole(context.Background(), systemManager.Id, patchManageSystem)
require.Error(t, err)
CheckNotImplementedStatus(t, resp)
})
th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
@ -267,7 +275,7 @@ func TestPatchRole(t *testing.T) {
assert.Equal(t, received.Name, role.Name)
assert.Equal(t, received.DisplayName, role.DisplayName)
assert.Equal(t, received.Description, role.Description)
perms := []string{"manage_system", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"}
perms := []string{"create_direct_channel", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"}
sort.Strings(perms)
assert.EqualValues(t, received.Permissions, perms)
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
@ -290,7 +298,7 @@ func TestPatchRole(t *testing.T) {
CheckForbiddenStatus(t, resp)
patch = &model.RolePatch{
Permissions: &[]string{"manage_system", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
Permissions: &[]string{"create_direct_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
}
th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
@ -301,7 +309,7 @@ func TestPatchRole(t *testing.T) {
assert.Equal(t, received.Name, role.Name)
assert.Equal(t, received.DisplayName, role.DisplayName)
assert.Equal(t, received.Description, role.Description)
perms := []string{"manage_system", "manage_incoming_webhooks", "manage_outgoing_webhooks"}
perms := []string{"create_direct_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"}
sort.Strings(perms)
assert.EqualValues(t, received.Permissions, perms)
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
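Review bot: The new `patchManageSystem` case in TestPatchRole only covers a patch whose sole permission is `model.PermissionManageSystem.Id`. A regression that lets the id through when it is mixed with allowed permissions would not be caught. Add a second case such as `Permissions: &[]string{"create_public_channel", model.PermissionManageSystem.Id}` with the same `require.Error` and `CheckNotImplementedStatus` assertions. Then re-read the role and assert that its stored permissions are unchanged, so the test proves the rejected patch had no partial effect. The enclosing closure starts outside the hunk, so which client types run this case is not visible here.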